b694cebacf2bdff6169741f530efa05ae4042c23da513c7fb49d4aab7c2020ff

General

Target

099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
Size

80KB
MD5

099bcbb281528eefa00b4dbfdd8b9cd0
SHA1

72c287fa4d0b77ea9b52f99094a89428f84ef74f
SHA256

b694cebacf2bdff6169741f530efa05ae4042c23da513c7fb49d4aab7c2020ff
SHA512

5d01ca118c6a96f873eee2e42ca071a4bab3e6c207f31787b5695ef4e15da8700a98f1e7e8d54b788f0783bd04507df34bf4816a7f9aba615c1afc7929515b6a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eXgTg2:6e7WpMaxeb0CYJ97lEYNR73e+eXgTg2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3494) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2412

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
81KB

MD5
7fa3964832021f15c73d84e515ad28b7

SHA1
00a0e065a773e19c1829cc8c70b41c1d6e57940f

SHA256
c8468b1b8b6cc2236296356160df7d8ed0ebf806f6cc1c7b474c9b2d5e02684a

SHA512
e557f7829640e5dfe73befeb1d1437abd95e1342e5e8c3a5c08431711a306fb3acf84941b7a8904a6054081521097d464c01a4dca7ef3a493d8db58fbf0607dd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
89KB

MD5
011a7377ae9348a6ed2a492bc8febcc0

SHA1
54fec134b90b798e8a82a593255258d08ca7849a

SHA256
cd663448071ff58a8e6dc2c7ab9f639c11daa6e445cc1e252445784bfd284c1f

SHA512
453e1b84c141617bc3976598ca0ed96da340678cde56f9082b0b4fae217277962b6a120739b98f35c9da1ed244e3dca50b679c60879c95db8821009c95cdb33f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads