668f3813d636f84d437f7ad256f0782b9207d717cf44c014c8e1181ed041175a

General

Target

7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
Size

85KB
MD5

7a793ccdb6ee7b3b73c61fd81a57a370
SHA1

b96f565591f216c5329cdc06b0b5ac9524b8e8ce
SHA256

668f3813d636f84d437f7ad256f0782b9207d717cf44c014c8e1181ed041175a
SHA512

021f9d2dba0c449ea31ce307c3ff9675f011bd6ca1b1f12bd82ee825cd1972d4f296756837be13d80992ba2e7dd67520f1ec82b7d384cdf68786eecf02f572b9
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaA:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3520) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegaudio_plugin.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\msoe.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\settings.css.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libadf_plugin.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2208

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
Filesize
85KB

MD5
87a55913c08cb91ff98278162004f1ae

SHA1
a16b3716f8ea54f14b2132d626fb7da458a2c746

SHA256
1997c582848fd17dc76a073bf67fc7fce4a8bd905ebf44833f6f4240720cf3aa

SHA512
187e5aca0142991188673c795ccd53386dc16f8a0f5318dc2f42bff54fd84dd98df01b39b699b4a94f3d874fc9084e7a40ca53fede932fdd043a885e30576769

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
94KB

MD5
6b024786c9dadf61e2318ba28c2554e5

SHA1
b868aed90ca834cdfe21998997a4c67ed530e967

SHA256
0b89961854210c6a47292922893bb5146d05a3a6a5e09b01b03f2cd7af47e248

SHA512
7fcbf8cb4a095fd594ca92134837a8dd09ae83444788529525b6a5c5d0b2c553eff284fe5b057caf18c73f9bc6ff1e9feb3a42fccf14c3367c9c1f8c017ce648

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads