019300c687cdbc5691c116120fccd852c26dac7e3713092081074c66de28add5

General

Target

840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
Size

77KB
MD5

840e71a970698432eed7cee9e40d9310
SHA1

6cc8639353f547640d74e1db7967582611c8d40c
SHA256

019300c687cdbc5691c116120fccd852c26dac7e3713092081074c66de28add5
SHA512

2f5fc05957ab8fabb3882b8366b5e9cb658d60cf78f95e6eb09b47c74edbc90b88fb18d9aa2ef49038b91e0ffcbe6537898cf66ebfd8e0c02c23e438af6a7109
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv2h:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDck

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3427) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\sunec.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.catalog.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\840e71a970698432eed7cee9e40d9310_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1976

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
77KB

MD5
70011ec1d40847a1b40c1aa3d38c10e6

SHA1
da994120ca9c67b06ffdf2a11065900aed249575

SHA256
c419870aceee733c0390a4ce175112b9268ac8b0f2811fe6c2f21295f025c892

SHA512
e21269d58bd77d940ecd712f6da356f6c1f9c97f55560bfdf643746a2ee1006573882938d18ad8d1f16872fb683fb973e656656683309db65385d036e8a634bd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
86KB

MD5
3d3937cc0525c58b0220bfd656325e7d

SHA1
fe52c6e2779452069f7ba78755cf961cff326ce9

SHA256
a59e2990f8c22802da86aca17ecfed5aca38f3691e0ebde34a0ac1481b9f0254

SHA512
e8dea116b20450af3b009857e7a61d0cb0ff2fa1c5b45e780c8e8321d8c4cdce1ad9e0458bf2df8384946987d118408c8fc2b73e27036db3467fe85cf89eabd0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads