88e826ede0ba909deb169680de211eb57b0a38fb5dd527c0135d4e3546d5464a

General

Target

ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
Size

71KB
MD5

ea2420c096f01643cb9102ec9d31b8a0
SHA1

a5e197bf801fc93b010195ac82fe1dc30ec56df9
SHA256

88e826ede0ba909deb169680de211eb57b0a38fb5dd527c0135d4e3546d5464a
SHA512

87abb9a298f6ea617b9003cd465625a98e721f83a03a5299d1e69bb6070aaa05071613f0b3c2566692e954d7f33fff7a18b6ccdb0b375ca5628729801014c372
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/UE:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3513) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1804

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp
Filesize
71KB

MD5
1947d467824ce3a7cbfed84542c6b090

SHA1
95fa57ec8bf731605d32e39c4e699e27538137f7

SHA256
6f75e5b077511a8bc788b1e839dead66e593ab83d570f673aa19f935a318694d

SHA512
b706ec87f91fa71398cc5a9a6751ff3323f3faf004258bb5afebeb6e143d6970497b414c05c7c35a92a6a027ad927e00a5340553261771b9ddf207af29baae4f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
80KB

MD5
ac109b3e033a60dbe07732b28ed9cf4c

SHA1
6a5600c439b0b08c6e76d27396b1d3c3b0e60cd9

SHA256
cb29a36e540b78aab7c9e7ae795a1d0722ac9f988ed86915b689286adeb176e3

SHA512
8bdb008027ab8e2884ea8e270908ad263583b99e42e56fad2e739de2c8db24141ceb52aabd8a01b9c9a93560efb715dd729386e0e11cb3bc632905565e6d88f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads