aa2cfbd1dfa3235a45e245bfc899b78020147363f8b3ee928119b6facca0a149

General

Target

f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
Size

84KB
MD5

f06a0b06094bb04a9a72359820fe1e90
SHA1

cc596c2366237cc9cb9398e331ff58de427ceadf
SHA256

aa2cfbd1dfa3235a45e245bfc899b78020147363f8b3ee928119b6facca0a149
SHA512

5cfac235751cd65282d75168f31f27d6336155d982049c1f8ed07d846fa87cd88ce1b3b89e923c8aa571e901b221e785d26836f7deeb8284e78c82a130882495
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXa2:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3597) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\PDIALOG.exe.mui.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\RestartDisable.xlsb.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\init.js.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2176

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
84KB

MD5
a671e77d4f31a77c6216f716d876142c

SHA1
572d81605e1d303b0a81070041c7fe964dfb7623

SHA256
a6e10dfa917853075be34a13ab5a813626c6cb95f165dad108c7cb074b3a787d

SHA512
46739b6fdb4f6d0ab58c6255d2cbac8295a739914d7da377c6d3fa58f5280ea33defe61c72297305bd22e7cbb2e9721513644afb588d4484a3919897a9bc8037

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
93KB

MD5
fa7da0733ea2bcacabf8531e05129006

SHA1
4e74ee7d21cd9ca379b15dc3d403bf052b011b6a

SHA256
fac70708dd86b63113d66c311cd64fe703b5ffcb3157b580e71029e2c0e07c2d

SHA512
a17fb1c45fff07100b39ac3511220b0e5c7ec2b22057f41d412a54f3e286e68fa945adef96f2930a72ceaf12238b81271eaad54c280250ce386118d9154a9417

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads