ea857e8e2809e9a696b33ae47ee741002946fd5332bfd02bb9e9c580ec18f65d

General

Target

83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
Size

84KB
MD5

83154e0637f80fe8262004f0ffd2cd80
SHA1

6aa394e2cbc2e6cd3c97c0de3107c81ae135686b
SHA256

ea857e8e2809e9a696b33ae47ee741002946fd5332bfd02bb9e9c580ec18f65d
SHA512

9125cc64469ba97cb738ec5c4f4c56edf11c9614e1aa9a0c2a74387eb283b8efffe984c9e9f0b2a5337ba8f82a6c310a9e1ce09e8298e5ff4ec6bdefd18a26fd
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/7uH9uHH:6e7WpMaxeb0CYJ97lEYNR73e+eKZ7udG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3446) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\cmm\sRGB.pf.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\RepairMerge.dotm.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNWDRV.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\83154e0637f80fe8262004f0ffd2cd80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2060

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
84KB

MD5
dc1b205db399de0b8f786e2a836e57bf

SHA1
0d9508eef1942496cae12e3327240c93bbcc6151

SHA256
85abfdc6476e0123ce8fa581b85a3a4c17ecd8cc189ac3bb9f9d9c3b348127d8

SHA512
22777721ba7f26bd6a4cc7e58b399bd831c1beffe15ff4d6b8f9f6ffee008f56e1af61f113751e1658a17c3b7e22c1c6e17e677691e1f9b7179b148e9482e0a6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
93KB

MD5
827bf7a9c3768554b08b6efad191411e

SHA1
b990798e60076a8e671c5dd489b54c795c62c793

SHA256
0dacdc95bd1a358da6bea13034472fd7921a1ef8c779d9ddad2f3a95425dfd27

SHA512
1d4464651acbe9f6d0681f0158f1d00417ffdff4bacf3ac55ccc09748ca5fdafd01d263ea18f662a3b267f59e37fe19102541626a042b3c357f9eec74cf291a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads