eccd7f9a45b398ecf46a8607ee3d41a4d63a819b1da1df38ff36d37b5441e4e9

General

Target

681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
Size

79KB
MD5

681641ed7babc51f3f867c82b1a19270
SHA1

b8bc4362589bfa9e3d2413723067e7569551a337
SHA256

eccd7f9a45b398ecf46a8607ee3d41a4d63a819b1da1df38ff36d37b5441e4e9
SHA512

aea0853d4c5488fb0c74b8971c26f88456e17677d5240c43a60e0133bd537f70db1c1465645588e26a6554efcf27088d7c368f6748fb333721dcee5c73a5c54f
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHz:W7ZDpApYbWjIlE77ufL2e+efZwZavP

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3449) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\gadget.xml.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\PDIALOG.exe.mui.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMCCore.dll.mui.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\681641ed7babc51f3f867c82b1a19270_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1936

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
79KB

MD5
7c7104498d2b9548e391a4740bcaf3a2

SHA1
228f61249a73d66fc78f1ec8f331d92171aae5c2

SHA256
2f59debdc37191aeb46feec833e6ae96d3017527523f2d445aa3ca45f7403441

SHA512
1d1c8fca0b5fae2865e20ea42a21dff4d0de5572e8df563682c3abc0c88c124a1f3adb8733296f17f04d32e8c04c6ffa10170321b5fbccf6eed03332cfbe3776

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
88KB

MD5
46d31bcf895f90c3a3122210e1878d3b

SHA1
b3d5db02ddf2614e9f45d6bf48844fcc2dfcfee9

SHA256
1c73a639d620d2b78417eba92c743b50213ae5dabe37f36250348353a358f2a6

SHA512
b3b1f9472c608401271010af643df54e3dc2dd08966791bf3a600b8c6ec22e60ded67fdaeb9b68eb518e4b46373400733120b51731df2809e306f3aa93cd3f0a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads