b1a94539d31ecc88d179b402cafc71f8015c9467b60651a3f201af97e1e191a4

General

Target

742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
Size

75KB
MD5

742fcdc54219b15fcb1a98f73dc3f950
SHA1

6893ef7ebe54bbb5a71f3883909768406b0b8347
SHA256

b1a94539d31ecc88d179b402cafc71f8015c9467b60651a3f201af97e1e191a4
SHA512

816fdf1a0b5b6c2f2722ae6c3596d513652acc937b50285a0d57a27b3ab46edfaade80250c14fa50326167c5a8a5095440c1ce308b71d4d12cf283593a4fc202
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhn:6pWpUFpEhLfyBtPf50FWkFpPDze/qFse

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3141) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libmmdevice_plugin.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\sRGB.pf.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\742fcdc54219b15fcb1a98f73dc3f950_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2820

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
75KB

MD5
7b82b05fa79319c2f69f211a417cd69e

SHA1
b42d917483110893b87ad087886b5d53d003b6ef

SHA256
6a10db2fe5d26153aee7c692f476b86fc47c4a80e45a32a0c5fff38eff35e94f

SHA512
fbae270c55d3514f7ec4ccd5a1ecba7b24b6d76eab9e5bfc2c1def8f4ef715472c73d4c4ce3e6e25ebb5ea405bd69a0743716be3e4efca67b8fa8deb419edced

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
84KB

MD5
711c1867e4b316b22a686e3fd0e98711

SHA1
93b17c3f91bb8593ee42bd60908b26fdcd53f2bb

SHA256
7276b8c55e031c5d8c3c360d86e1ecd5799a37a9c4847ac70dda7628016f5028

SHA512
c2504d2a3e5c76b9296e4c7e168643a4ce54ba88a72ddbdeb5855bd9c3c7c14c725fde9e612e055d71866033489c39d429bde0cb178f3482f4a965c3bca335e1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads