c9737534c0fc23d3d6ef5068676f193c3b4e63eab65cb86de6fa6cf6324b9cef

General

Target

51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
Size

84KB
MD5

51ead86d9a8f288d0d85bbb592584e40
SHA1

56b7acf2290af276fe0ffb475b4f04e0bdebe037
SHA256

c9737534c0fc23d3d6ef5068676f193c3b4e63eab65cb86de6fa6cf6324b9cef
SHA512

426c3c4557490ad095b5aa6f1d7cfc9d13bb5f770fb771f88b4384f6a37fa7a134a14b79853787a63965c6b8907981e2442b06f83ee7ce49db9de855cbc4ab88
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaW:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3505) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\sbdrop.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\es-ES\msoeres.dll.mui.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\51ead86d9a8f288d0d85bbb592584e40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2040

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
85KB

MD5
ed576e01acc8ed49f4db8bcb9a57ed92

SHA1
33f7ba9ba9f71de8b957ec623906362ff41e565a

SHA256
1a4f575cc1aaa92f2aa185739a27feef0d35cb87eb0eb6d59e31fe37fcdd1d66

SHA512
08736f3a971b2490a3983ab0f7c1937c47dd4fc2071f747644c8c9588df9c13a9d1ffc3ce8b3873d9516886eb1de6a8c4008432b9c021b9b47bade60a1ca3200

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
93KB

MD5
7e1380c3b11ed7f0176e2acf4cc556c6

SHA1
339ebb998cfb5511bee50c10708e238ba13bd32c

SHA256
e3510ca25f49b5a38ae008c514c4028842204270f3b4da61be3f7e4720812f44

SHA512
0d94cf3f03b40efaf0b1ef35aece2e4b6159145d60067f9a37a045f4270f0f76eeb82acc803095b2131b8901eab3642c5af3f06fa4821509fb64fb29550514b6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads