7f308d1e2ba88dd663d486bc3b5f9a6027aa5b69863a496d89e046b65d48d471

General

Target

b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
Size

79KB
MD5

b59fb549663df9f7a81a0fa4a9e219a0
SHA1

06c7871b9eda098889641f2e05e9bc901e148879
SHA256

7f308d1e2ba88dd663d486bc3b5f9a6027aa5b69863a496d89e046b65d48d471
SHA512

89e742bb7ac9e40e99b0795e862636bbd843449420f26d6a8495b56f2fa868de9da0e3a59c73d10cdde9597c3ac15be1c59f9293e753b5b632c6aed3c3a649b8
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2vSn6:6e7WpMaxeb0CYJ97lEYNR73e+eKZk

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3501) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\weather.css.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\library.js.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\settings.js.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b59fb549663df9f7a81a0fa4a9e219a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2580

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
79KB

MD5
133b5e5b276d1dbedc3e3392230433d1

SHA1
87fa4adcda2a6f0e5fc34ed6a0b55a4b7ff70e5f

SHA256
7f763f5bc7a17ddea78a3d8c126e89c1251fd64137ca02b84b285ca5963deda8

SHA512
0194dc0eccad7e6840eb29b94b80d1d8240ae5e3d3560bd0b235b52fd22fe493a83e86f1212f8946882016bf7ae432fe4c2920eadb0fcbc89a8a014e17b2f6a2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
88KB

MD5
64802f0d29fd3af36be27e7bef590f00

SHA1
117e80a4aaed21e4b7461c68b33fd7feda887a5f

SHA256
3021538fb343d5927ce6b94381a571b0b117f71f1a7176f24754f39196e463b7

SHA512
a9501198d70591481052e6bcc230ab1af683fdd451ef5371baf11dd162b3b46b4e8cd7998150f1e5d9b70a2dcdc2b2be2f0ab57c71d671a7bc3377722ef3d850

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads