47134b323ef38133ce90ccd0cf21801b703c935776d427a45dd54e37e3423fe9

General

Target

c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
Size

86KB
MD5

c5b07d457a03bc4be0234cac51132e90
SHA1

ce37405c6285ade8a219fe366343bc423158bce1
SHA256

47134b323ef38133ce90ccd0cf21801b703c935776d427a45dd54e37e3423fe9
SHA512

f6b33ea50e34a93ed09c8a8ca12b941e38ae3457ae8fc58f5775007372e36c887cc572d81959caf5e05218b612cbec598f85098d5e7dad1a6f926c7fabda5f0a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2vn:6e7WpMaxeb0CYJ97lEYNR73e+eKZa

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3456) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\settings.js.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\settings.css.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\UnlockRestore.midi.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\MSPVWCTL.DLL.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c5b07d457a03bc4be0234cac51132e90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2008

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
87KB

MD5
d7779d0370872125b0163bed1ae7e1b4

SHA1
5b3016d64b8e7328d6f3084bef28ac63dd5b6b42

SHA256
557cc93f17e593c9c5ddcb6a406e6492fa0e9969826bf2591623fba0a1b48116

SHA512
aea33c38f64e7f7f02894e4953b3208e39a1ef5b74f57d3e1b86cb51b010a44fcd97595cd9183fb2774d9bdd247e6e31b638a3fb8b9d5c2918c60ee16dc26552

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
96KB

MD5
9b111284ff1ea22399b22c8761cc3c6d

SHA1
7e7f3476f93ac0ddbe545a86f57db8cad455e9a7

SHA256
f289c37850cb8cf6d5eb2c77faebc195a72f12d59b802aca68984c46bded2e9e

SHA512
fc4af444ed812bd1d99da04d375dd767dc13eb7d1a73d7cad1f09e656f68aa7282f0a4815b4db60c24509f06add378d3607740d8426eb018d4ae611a4b75df73

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads