9c3392a858deba9f2792536ebbdf58488594531c5c809ee73b8ef8427ecec7d9

General

Target

83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
Size

78KB
MD5

83f5fe687d2194b765c058a4d2d55c40
SHA1

4832c180e67b1e1af7eaf4b5c1fc83526ee91296
SHA256

9c3392a858deba9f2792536ebbdf58488594531c5c809ee73b8ef8427ecec7d9
SHA512

e69f7cdc27c75cac2292145d1eaaeaeec957942c3654b5b7f9b128de98d2fc20bd2199ef201b61423713f51b22606a34acb59d93ce65de754ee4ea9fbb9125b9
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHZ:W7ZDpApYbWjIlE77ufL2e+efZwZav1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3497) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\gadget.xml.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\weather.html.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\83f5fe687d2194b765c058a4d2d55c40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2936

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
78KB

MD5
46edc3bc0efb0a3b562f670f993c2851

SHA1
5c5ecc6c2a58fb7ac1721aaf09d4ee4cdc9cc985

SHA256
5236d213276b6184303396b73789286831d47a4074074aac3079c2baeb50928e

SHA512
a40d4bf92a55bbd65bb751dfe4d1fbacf4157b127d350874dc86254bbb79beaf4822543764f1e495aac6b569d3cb9d2a73afeb3e0d66003dc99e2054a5d3763e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
87KB

MD5
ee880cfda7a792e09dbcab21503bc601

SHA1
5fd77407f3227e0381ea4812ef34961e2cb66e7c

SHA256
b20edfed3c29437a0335be8ec8ebf5bb83d816a04f5c17cc6990a00ecbea8ba0

SHA512
08cdc92850b787e48281d36093359d7a6475d8b133d44c6fcd98d01b3166c3c3407bc81285359f102f389a9845b3538d51ed526998af56839541fdcd3393bc1f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads