691417c0cb60a9e9d6e17a5b03850e59e5094b9d5c1b5374870e8302268a608e

General

Target

6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
Size

72KB
MD5

6f5d13ae9e517ea6e06be461a2621e90
SHA1

b9305916102f05daa1643bfacc484583e8d83af1
SHA256

691417c0cb60a9e9d6e17a5b03850e59e5094b9d5c1b5374870e8302268a608e
SHA512

764acc128cf3c51ba358b60a457c32d4d80df32370256a70bc66371e681f9c29a47951e1895f7a3bf3d42a19660f9b8eade9cee172321d76112a3274ed643a36
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/U8+d+n:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDc9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\weather.js.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\MSPVWCTL.DLL.mui.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabimp.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\DenyExit.aifc.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6f5d13ae9e517ea6e06be461a2621e90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1368

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
72KB

MD5
d5e22a53f26a478e6f7df582117ede3a

SHA1
09a9bce30be65049adc4ce3f31f98fbfe82527a0

SHA256
0e643cbfabd57c476ecb621d3fe32e831f6ae52b7758a8db0dae18c3961e2b32

SHA512
7a678e80be04e78ce64215ac5aefa28c6861640b98db1aa56d389c728489376c80b570dabf0574cada80426518de36793d61547e613956a549438e92902ec990

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
81KB

MD5
23ca92aeaa3435a2ae0111bb16a92c4f

SHA1
090dc8a981297417c91b724b63e4907ea57d30d4

SHA256
64801c68d708e261b7ea7b94c84e55ab1be52cabcf40d2c71d645b123e0bf47b

SHA512
2c20023dff5196fe8e522111152075c8f66f089e1e2d9be9b7ba60536fc8313827dfbfe17d05d1a7ed8c0bee95d14298ab51e6e8964c2cd7c3e70fe3a070c336

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads