ebaa39d6302ff44842922d549e73ad63df46d5bb2a0620443c71eb29782b5f3f

General

Target

5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
Size

88KB
MD5

5ee25492defc9c1eaedf2773c5367160
SHA1

5bc33e732b038fcbfd499bf2e03ca640ccf04525
SHA256

ebaa39d6302ff44842922d549e73ad63df46d5bb2a0620443c71eb29782b5f3f
SHA512

fdf5004a44cb51ca7f5c1d07f88212ad64808946e86a0b9fd6a39ddf9fac4f86d453142154881f6a065de914a604b531f4be79a8baeef839892e87bcc90c67fa
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2vgvGRvGe:6e7WpMaxeb0CYJ97lEYNR73e+eKZJvG/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3498) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\picturePuzzle.js.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\mpvis.DLL.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:856

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
88KB

MD5
cf183a1cc769e374c4a94ece2457a6ea

SHA1
89d90fe48147b6a76e75db8519c05d819fab14a5

SHA256
9a5cb83e3597313cd7d113e64b5368f98224ce67665ea8a6fe1a384ca6b3c7ab

SHA512
e6f83825d33028ae67da2cefaeafebf67af336bca11d334bde0089e614cf0a13efca41e174dcefcec5358dc9b2e4a6e34ecc884acf1fcb09fdee69d1632ba162

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
97KB

MD5
d04e9e9eb5c19f73cd3a171023f92195

SHA1
814d50d55ec4518dfac450e690e3acedd2663710

SHA256
3cbd71a1e51ed4f9682d6c8c693f4a83139848d414a66ca031200958510417ab

SHA512
f9c67418f07a264e337c15e8c107b6d9e87405d919ae75bec4a6d259771b20bb7d1e599ade85a3c875767e064f018842dcbe2925b57c039ff1f08b6b221d7009

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads